1

I am working on a j2ee project, which is a public website. The application has a lot of security built in.

It makes a call over MQs to a mainframe DB, i believe its a secure conversation. Everything works fine till this place.

My job is to make a call to a third party secure webservice, the url for the webservice is a https url.

When i make the first call from the application to the webservice, everything works well but if i place this call after the mainframe call, I get the following error.

the trust store located at "mynode" cannot be loaded. DerInputstream.getlength length tag=127 too big

Please pardon me, I cannot paste the code or config here, as its a client project. The environment used is: IBM WAS 6.1 with webservices feature pack 6.0.15 & Spring Webservices 1.5.4

Any help would be appreciated. Thanks in advance

dharam
  • 7,882
  • 15
  • 65
  • 93

1 Answers1

1

By default, there's only one keystore per JVM. Once you load the WMQ one, the web service will fail and vice versa. You can write code to manage multiple keystores as described in this post. In that case I suspect WMQ will need to use the JVM keystore while your app can select the alternate keystore through code.

Community
  • 1
  • 1
T.Rob
  • 31,522
  • 9
  • 59
  • 103
  • Hi, Thanks for the answer... I would like to point that i am loading the certificate for secure webservice in the default trust store only. Also, if I make the call to webservice before MQ call there is absolutely no problem, but only the reverse condition is creating issues(i.e. making Webservice call after MQ call) – dharam Nov 03 '11 at 15:05
  • Ah, OK. I misunderstood the question. Same answer applies, though. when you cause the WMQ keystore to be loaded first, the default keystore isn't being found. Part of the process of loading the default keystore is to check and see if there's a keystore already loaded. Apparently WMQ doesn't locate it's keystore the same way and therefore doesn't hit this problem. – T.Rob Nov 04 '11 at 01:29
  • Hey thanks for the effort in solving my problem.. I took around 5-6 days to fix that, but your answer above showed me the path for this. Many thanks :) – dharam Dec 04 '11 at 07:09
  • Glad to hear it helped! Sounds as though there may be some additional details of the solution that weren't captured here though. If you have a moment to update your post with those, it would help others with the same issue in future. Thanks! – T.Rob Dec 04 '11 at 14:00